Internet theft cases, spoofing, fishing are common these days. Most information security agencies like Computer Emergency Response Team (CERT), OWAPS SANS are taking action to stop these frauds. In order to secure the web application agencies have given idea to the bank and other financial corporations to use Secure Socket Layer (SSL) protocol, Transport Layer Security (TLS).But if this is that much secure then why web applications are still having default protocol HTTP (port no. 80)?This we can understand by this conversation:Client: Hello!! http://www.laksha.net/Client connects to TCP port 80 and wants this hostHere http tells webserver which host is requested with which configuration and what content shall be presented to the clientWebserver: Hi!! I have http://www.laksha.net/Gives respective configuration and presents content at the client.But in other hand SSH and other secure service like TLS behaves like they are possessed. They don’t even tell webserver which webserver is requ…

Better to start with Information Security, we first know what is Information. Information is an asset that has value to the organization's business. In sort we can say asset which has some value to organization is called information. The information may be in any form of hard, soft or spoken in conversation. If an asset that has some value i.e. information, consequently needs some appropriate protection.Security is a protection to any thing. So Information security is protection of organizational valuated assets from any kind of treats, to ensure low business risk, business continuity and maximum benefits from the investments.Security may concern from outsiders (e.g. Hacker), or insiders (e.g. Disgruntled Employee).Information Security can achieved by set of policy, procedures & process i.e. controls. The Information Security is covered under ISO-27001:5000.